Professional Documents
Culture Documents
• Technology neutral
• Application testing matched to the technology
• Serves the Developer and the Accreditor
• Works with existing human and DevOps processes
Figure B. – OpenControl enables more
effective stakeholder participation
OpenControl also helps unify stakeholder participation throughout the entire
DevSecOps toolchain (Figure B). It creates opportunity for continuous
collaboration and provides a means to implement, track, and monitor security
related controls throughout the entire DevOps process.
Continuous Accreditation occurs across three phases of software development and operations:
Deployment of a DevSecOps toolchain provides a number of benefits to the DoD ISR enterprise:
• Creates a shared incentive for close collaboration between software development organizations and
cyber/RMF inspection organizations
• Maximizes the number of inheritable RMF controls by utilizing shared environments and platforms
• Makes control evaluation as objective as possible encouraging test-driven development against
meaningful IT constraints
• Maximizes the opportunity to use common tools across programs
• Maximizes the use of containers and Platform as a Service (PaaS) capabilities enabling immediate
deployment of mission application containers